1. Field of the Invention
The present invention relates to an apparatus and method for transmitting data, and a recording medium storing a computer program for executing the method, and more particularly, to an apparatus and method for encrypting data on the basis of an identity-based encryption system and transmitting the encrypted data, and a recording medium storing a program for executing the method in a computer.
2. Discussion of Related Art
Recently, along with the widespread proliferation of personal smartphones, a message service between terminals is provided by using various forms, such as short message service, multimedia message service, a social network service (SNS), instant chatting service, and so on. As the message service is evolving into a social and business-oriented message service in which personal information should be sensitively handled, there is need for tighter security of data produced by users.
However, security in the current message system is mainly achieved through a network security technique such as a secure socket layer, which is vulnerable to interception of original data by an intermediate device other than a first transmitting terminal and a final receiving terminal, for example, a system server, during transmission and reception.
Secure Socket Layer (SSL), which is most widely used as a message service security technology, allows the data of the network to be encrypted and then moved using an authentication process between a client and a server. That is, in this technology, data is encrypted on the network and decrypted into the original data on the server. However, in most messaging services, a server in charge of SSL serves to store and deliver data to a final receiving terminal at an intermediate stage, not at a final receiving stage. This means that a third party, in addition to the first transmitter and the final receiver, can see the content of the original data, which may be problematic. For example, data transmitted from company A providing a corporate messaging service to company B using the service may be collected by the server. In general, security will be maintained between company A and company B on the basis of a contract. However, from a technical standpoint, the original data is accessible, which poses a potentially serious security problem. Therefore, with an identity-based encryption technique, a server authentication procedure such as SSL can be omitted depending on identity-based code properties, thereby preventing data from being leaked by a third party.
Looking over the related arts, Korean Patent Publication No. 2009-0020869, entitled “APPARATUS AND METHOD OF TRANSMITTING/RECEIVING ENCRYPTED DATA IN A COMMUNICATION SYSTEM” discloses that each of a plurality of mobile stations receives a public key from a server on the basis of its identity (ID) to generate a secret key, generates a token using the public key from other mobile stations, generates a session key using the public key and the token, and communicates encrypted data with other mobile stations through the generated session key.
Also, Korean Patent Publication No. 2005-0030982, entitled “METHOD AND SYSTEM FOR SAFELY DISTRIBUTING DIGITALCONTENTS THROUGH COMMUNICATION NETWORK BY USING USERPROGRAMS CONTAINING DIFFERENT DIGITAL IDENTIFICATIONS” discloses that a basic process for digital content seller authentication is implemented within an auxiliary device (for example, a semiconductor chip), and different types of authentication data are generated using a secret symmetric encryption algorithm and a secret key and then encrypted using a public key encryption algorithm and a private key. Thus, there is no need for a separate authentication center or clearing house, thereby simplifying the system and reducing operation cost.